tags 574703 + patch tags 575740 + patch thanks Dear maintainer,
I've prepared an NMU for krb5 (versioned as 1.8+dfsg-1.1). The diff is attached to this message. Regards.
diff -u krb5-1.8+dfsg/debian/changelog krb5-1.8+dfsg/debian/changelog
--- krb5-1.8+dfsg/debian/changelog
+++ krb5-1.8+dfsg/debian/changelog
@@ -1,3 +1,13 @@
+krb5 (1.8+dfsg-1.1) unstable; urgency=high
+
+ * Non-maintainer upload by the Security Team.
+ * Fixed CVE-2010-0628: denial of service (assertion failure and daemon crash)
+ via an invalid packet that triggers incorrect preparation of an error
+ token. (Closes: 575740)
+ * Makes src/slave/kpropd.c ISO C90 compliant (Closes: #574703)
+
+ -- Giuseppe Iuculano <iucul...@debian.org> Fri, 09 Apr 2010 19:11:50 +0200
+
krb5 (1.8+dfsg-1) unstable; urgency=low
* New upstream version
diff -u krb5-1.8+dfsg/src/slave/kpropd.c krb5-1.8+dfsg/src/slave/kpropd.c
--- krb5-1.8+dfsg/src/slave/kpropd.c
+++ krb5-1.8+dfsg/src/slave/kpropd.c
@@ -265,13 +265,13 @@
}
for (res = answers; res != NULL; res = res->ai_next) {
+ int on = 1;
finet = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
if (finet < 0) {
com_err(progname, errno, "while obtaining socket");
exit(1);
}
- int on = 1;
if (setsockopt (finet, SOL_SOCKET, SO_REUSEADDR,
(void *)&on, sizeof(on)) < 0)
com_err(progname, errno,
diff -u krb5-1.8+dfsg/src/lib/gssapi/spnego/spnego_mech.c krb5-1.8+dfsg/src/lib/gssapi/spnego/spnego_mech.c
--- krb5-1.8+dfsg/src/lib/gssapi/spnego/spnego_mech.c
+++ krb5-1.8+dfsg/src/lib/gssapi/spnego/spnego_mech.c
@@ -1580,7 +1580,7 @@
spnego_gss_ctx_id_t sc = NULL;
spnego_gss_cred_id_t spcred = NULL;
OM_uint32 mechstat = GSS_S_FAILURE;
- int sendTokenInit = 0;
+ int sendTokenInit = 0, tmpret;
mechtok_in = mic_in = mic_out = GSS_C_NO_BUFFER;
@@ -1613,7 +1613,6 @@
if (delegated_cred_handle != NULL)
*delegated_cred_handle = GSS_C_NO_CREDENTIAL;
if (input_token->length == 0) {
- sendTokenInit = 1;
ret = acc_ctx_hints(minor_status,
context_handle, spcred,
&mic_out,
@@ -1621,6 +1620,7 @@
&return_token);
if (ret != GSS_S_COMPLETE)
goto cleanup;
+ sendTokenInit = 1;
ret = GSS_S_CONTINUE_NEEDED;
} else {
/* Can set negState to REQUEST_MIC */
@@ -1668,27 +1668,21 @@
&negState, &return_token);
}
cleanup:
- if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC) {
- /* For acceptor-sends-first send a tokenInit */
- int tmpret;
-
+ if (return_token == INIT_TOKEN_SEND && sendTokenInit) {
assert(sc != NULL);
-
- if (sendTokenInit) {
- tmpret = make_spnego_tokenInit_msg(sc,
- 1,
- mic_out,
- 0,
- GSS_C_NO_BUFFER,
- return_token,
- output_token);
- } else {
- tmpret = make_spnego_tokenTarg_msg(negState,
- sc ? sc->internal_mech : GSS_C_NO_OID,
- &mechtok_out, mic_out,
- return_token,
- output_token);
- }
+ tmpret = make_spnego_tokenInit_msg(sc, 1, mic_out, 0,
+ GSS_C_NO_BUFFER,
+ return_token, output_token);
+ if (tmpret < 0)
+ ret = GSS_S_FAILURE;
+ } else if (return_token != NO_TOKEN_SEND &&
+ return_token != CHECK_MIC) {
+ tmpret = make_spnego_tokenTarg_msg(negState,
+ sc ? sc->internal_mech :
+ GSS_C_NO_OID,
+ &mechtok_out, mic_out,
+ return_token,
+ output_token);
if (tmpret < 0)
ret = GSS_S_FAILURE;
}
signature.asc
Description: Digital signature
